Description

A flaw was found in curl. When curl is configured to use distinct proxies for different URL schemes, a redirect from a URL using an authenticated proxy to one using an unauthenticated proxy can inadvertently expose the initial proxy's credentials. This improper credential management (CWE-522) may allow an attacker to gain unauthorized access or information by intercepting these disclosed credentials.

INFO

Published Date :

Last Modified :

Source :

AFFECTED PRODUCTS

The following products are affected by CVE-2026-6253 vulnerability.

Vendors Products
Curl
  • Curl
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-6253.

URL Resource
https://curl.se/docs/CVE-2026-6253.html cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2026-6253 cve-icon
https://www.cve.org/CVERecord?id=CVE-2026-6253 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact